| Commit message (Collapse) | Author | Age | Files | Lines |

needed to derive from it. Add a new overload of send taking a
std::string for convenience (eg client.send("GET / HTTP/1.0\n\r")).
Let Channel::renegotiate's force_full_renegotiation argument default
to false.
Fix a bug where if we negotiated TLS v1.2 and our Policy was
configured to only use MD5 we would send an empty allowed signatures
which is maybe bogus or maybe just ambiguous (RFC is unclear, though
we reject in this case). To fix this, support putting MD5 in the
signature algorithms extension, and then in choose_sig_format order
first by our hash preference, and only allow hashes that are allowed
by policy. Thus if a client claims to support both SHA-2 and MD5 we'll
choose SHA-2 even if the client put MD5 first (some versions of GnuTLS
ordered the list backwards due to a bug, so this is actually a useful
behavior).

style cast in secmem.h

using a custom allocator. Currently our allocator just does new/delete
with a memset before deletion, and the mmap and mlock allocators have
been removed.

the peer are automatically responded to. TLS::Channel::heartbeat can
initiate a new heartbeat if the peer allows it. Heartbeat replies are
passed back to the application processing function with an Alert value
of HEARTBEAT_PAYLOAD (a 'fake' value, 256, which is out of range of
the valid TLS alert space), along with the sent payload.
The RFC requires us to have no more than one heartbeat 'in flight' at
a time, ie without getting a response (or a timeout in the case of
DTLS). Currently we do not prevent an application from requesting
more.
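Added example (not Botan's code): an RFC 6520 heartbeat encoder/decoder showing the receiver-side checks the message above relies on when it auto-responds to peer requests (the declared payload_length must fit inside the record actually received, with at least 16 bytes of padding, otherwise the message is silently discarded) and the one-request-in-flight rule the message says is not yet enforced. Heartbeat_Endpoint, encode_heartbeat and decode_heartbeat are illustrative names, not library identifiers.

```cpp
// Added example, not Botan code. RFC 6520 HeartbeatMessage handling:
//   type(1) || payload_length(2, big-endian) || payload || padding(>=16)
#include <cstdint>
#include <stdexcept>
#include <vector>

enum Heartbeat_Type : uint8_t { HEARTBEAT_REQUEST = 1, HEARTBEAT_RESPONSE = 2 };

struct Heartbeat_Message {
    Heartbeat_Type type;
    std::vector<uint8_t> payload;
};

// Serialize one heartbeat message. The whole message must fit in a single
// 2^14-byte record (or the negotiated max_fragment_length, not modelled here).
std::vector<uint8_t> encode_heartbeat(Heartbeat_Type type,
                                      const std::vector<uint8_t>& payload,
                                      size_t padding_len = 16)
{
    if (payload.size() > 0xFFFF || padding_len < 16 || 3 + payload.size() + padding_len > 16384)
        throw std::invalid_argument("heartbeat does not fit in one record");
    std::vector<uint8_t> out;
    out.reserve(3 + payload.size() + padding_len);
    out.push_back(static_cast<uint8_t>(type));
    out.push_back(static_cast<uint8_t>(payload.size() >> 8));
    out.push_back(static_cast<uint8_t>(payload.size() & 0xFF));
    out.insert(out.end(), payload.begin(), payload.end());
    out.resize(out.size() + padding_len, 0);  // padding contents are ignored by the receiver
    return out;
}

// Parse a received heartbeat record. Returns false when the message must be
// silently discarded: bad type, or a payload_length that does not leave room
// for the mandatory 16 bytes of padding inside the bytes actually received.
// Copying payload_length bytes without this check would read past the record.
bool decode_heartbeat(const std::vector<uint8_t>& record, Heartbeat_Message& msg)
{
    const size_t min_len = 3 + 16;
    if (record.size() < min_len) return false;
    const uint8_t type = record[0];
    if (type != HEARTBEAT_REQUEST && type != HEARTBEAT_RESPONSE) return false;
    const size_t payload_len = (static_cast<size_t>(record[1]) << 8) | record[2];
    if (payload_len > record.size() - min_len) return false;  // too large: discard
    msg.type = static_cast<Heartbeat_Type>(type);
    msg.payload.assign(record.begin() + 3, record.begin() + 3 + payload_len);
    return true;
}

// Endpoint state: at most one of our requests may be awaiting a response.
class Heartbeat_Endpoint {
public:
    // Record to send, or empty if a request is already outstanding.
    std::vector<uint8_t> send_request(const std::vector<uint8_t>& payload) {
        if (m_in_flight) return {};
        m_in_flight = true;
        m_expected = payload;
        return encode_heartbeat(HEARTBEAT_REQUEST, payload);
    }

    // Handle an incoming heartbeat record. A valid request yields the response
    // record (payload echoed back). A response clears the in-flight flag only
    // when its payload matches what we sent; anything else is dropped.
    std::vector<uint8_t> receive(const std::vector<uint8_t>& record, bool& got_reply) {
        got_reply = false;
        Heartbeat_Message msg;
        if (!decode_heartbeat(record, msg)) return {};
        if (msg.type == HEARTBEAT_REQUEST)
            return encode_heartbeat(HEARTBEAT_RESPONSE, msg.payload);
        if (m_in_flight && msg.payload == m_expected) {
            m_in_flight = false;
            got_reply = true;
        }
        return {};
    }

    bool in_flight() const { return m_in_flight; }

private:
    bool m_in_flight = false;
    std::vector<uint8_t> m_expected;
};
```

A response whose payload does not match the outstanding request is dropped rather than clearing the in-flight state, which is what RFC 6520 asks for; a DTLS implementation would additionally clear the state on a retransmission timeout.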

seconds and report that value to the client in the NewSessionTicket
message. After that point, a session ticket is ignored and a full
renegotiation is forced.
Only send a new session ticket on a new session, or on a resumed
session where the client indicated it supports session tickets but for
whatever reason didn't send one in the hello. Perhaps in this case, we
should also remove the session from the session manager?
Clean up server selection of the ciphersuite a bit, all in an anon
function in tls_server instead of scattered over Server, Policy, and
Server_Hello.
Add Session::session_age and Session_Manager::session_lifetime

hard-coded key.

c24b5d6b012131b177d38bddb8b06d73f81f70c4)
to branch 'net.randombit.botan.tls-session-ticket' (head 9977d4c118e1ac26425cef676ebf26cd5b2a470e)

the Alert class for namespacing.

the values let policy specify them. Also choose an ECC curve for
server kex from the client hello. Choice is via policy, default
implementation is to choose the first curve the client supports out of
the server's preference list.
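Added example (not Botan's code) covering both the curve choice described in this message and the signature hash choice described in the TLS v1.2/MD5 message further up: in each case the server walks its own preference list and takes the first entry the client also offered, so the client's ordering of its list (such as the reversed lists from buggy GnuTLS versions) never decides the result, and a client that offers only hashes outside the policy is refused instead of downgraded. Example_Policy and the function names are illustrative, not library identifiers.

```cpp
// Added example, not Botan code. Server-side choice of (a) the hash to use
// with the signature_algorithms extension and (b) the ECC curve for ECDHE,
// both by walking the server's own preference list and taking the first
// entry the client also offered.
#include <algorithm>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Hypothetical policy object; names are illustrative, not Botan identifiers.
struct Example_Policy {
    // Strongest first. MD5 is deliberately absent: whatever the client lists,
    // only hashes that appear here can ever be chosen.
    std::vector<std::string> allowed_hashes{"SHA-512", "SHA-384", "SHA-256", "SHA-1"};
    std::vector<std::string> allowed_curves{"secp521r1", "secp384r1", "secp256r1"};
};

// First entry of server_prefs that the client offered; "" if there is none.
// Iterating over server_prefs rather than client_offers is what makes the
// client's ordering irrelevant.
std::string choose_by_server_preference(const std::vector<std::string>& server_prefs,
                                        const std::vector<std::string>& client_offers)
{
    for (const std::string& pref : server_prefs)
        if (std::find(client_offers.begin(), client_offers.end(), pref) != client_offers.end())
            return pref;
    return "";
}

// One signature_algorithms entry: (hash, signature algorithm), eg ("SHA-256", "RSA").
typedef std::pair<std::string, std::string> Sig_Alg;

// Hash to sign the ServerKeyExchange with, for signature algorithm sig_algo.
// A client listing MD5 ahead of SHA-256 still gets SHA-256; a client offering
// only hashes outside the policy causes the handshake to be refused.
std::string choose_sig_hash(const Example_Policy& policy,
                            const std::string& sig_algo,
                            const std::vector<Sig_Alg>& client_sig_algs)
{
    std::vector<std::string> client_hashes;
    for (const Sig_Alg& sa : client_sig_algs)
        if (sa.second == sig_algo)
            client_hashes.push_back(sa.first);

    const std::string hash = choose_by_server_preference(policy.allowed_hashes, client_hashes);
    if (hash.empty())
        throw std::runtime_error("no acceptable hash in signature_algorithms for " + sig_algo);
    return hash;
}

// Curve for the ECDHE key exchange: first curve in the server's list that the
// client's elliptic_curves extension contains.
std::string choose_curve(const Example_Policy& policy,
                         const std::vector<std::string>& client_curves)
{
    const std::string curve = choose_by_server_preference(policy.allowed_curves, client_curves);
    if (curve.empty())
        throw std::runtime_error("client supports no acceptable ECC curve");
    return curve;
}
```

The two selections differ only in the pre-filtering of signature_algorithms entries by signature algorithm; the preference walk itself is shared.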

exchange

everything into a new namespace (Botan::TLS), removing the TLS_
prefixes on everything.

directly (if it was sent), so that the client implementation doesn't
have to know what key exchange mechanisms we actually support.
Return a value in ECC curves extension serialization method.
|
| | |
|
| | |
|
| |
| |
| |
| | |
entirely if we see it.
|
| |
| |
| |
| |
| |
| |
| |
| | |
policy. Only functional change here from before is we now send DSA
with SHA-2. This is fine, OpenSSL does it as well and while the spec
says to wait until NIST comes up with a way to prevent hash
impersonation, it doesn't really make sense to avoid possible hash
substitution attacks by using the weakest available hash...

the ciphersuite code and a set of strings specifying the underlying
suite algorithms. Remove it entirely.
Some things are likely broken. One I know about is that we always send
the hash/signature type indicator but should only do so for TLS >= 1.2

remain broken.
New interface for querying the TLS extensions, much cleaner.

basic connection with a GnuTLS server does work. Currently we don't
respect the signature_algorithms extension at all, and using SHA-256
with a 12-byte finished value is hardcoded though the spec is that it
can depend on the ciphersuite (likely relevant for GOST ciphersuites
in particular).
|
| | |
|
|/ |
|
|
|
|
| |
per-se, it's a notification by the client. Rename accordingly.

Add support for NPN on the server side. Server is initialized with the
list of protocols it wants to offer, once the handshake completes the
client requested protocol is available via a getter.

tested with google.com:443

Add a new callback that is called with the session info when a
handshake completes. Currently only called on the server side as
the client doesn't have session resumption yet.
Rename CipherSuite to TLS_Cipher_Suite.

on the client side at the moment. Tested with gnutls-cli --recordsize.
Save the fragment size and the secure renegotiation flags in the
session state.

client and server. Server side can handle SCSV values as well,
client always sends the extension instead.
Handle an empty SNI extension coming back from the server - this is
used to indicate that it understood the name. Also add better checking
for extensions by passing in what the supposed size of the extension
is.
Only send the secure negotiation extension in the server hello if the
client indicated support for it.
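Added example (not Botan's code): the RFC 5746 checks a server applies to a ClientHello, accepting either the renegotiation_info extension or the TLS_EMPTY_RENEGOTIATION_INFO_SCSV cipher suite value (0x00FF) as the secure-renegotiation signal on an initial handshake, as the message above describes, and on renegotiation requiring the extension to carry the previous client verify_data. Example_Client_Hello, Reneg_Result and the function names are illustrative, not library identifiers.

```cpp
// Added example, not Botan code. Server-side RFC 5746 handling.
#include <cstdint>
#include <vector>

// A client that cannot send extensions (eg SSLv3) signals support with this
// cipher suite value instead of the renegotiation_info (0xff01) extension.
static const uint16_t TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF;

struct Example_Client_Hello {
    std::vector<uint16_t> ciphersuites;
    bool has_renegotiation_info = false;       // extension present?
    std::vector<uint8_t> renegotiation_info;   // raw extension body when present
};

// Extension body is renegotiated_connection<0..255>: one length byte followed
// by exactly that many bytes. Returns false on a malformed body.
static bool decode_reneg_info(const std::vector<uint8_t>& body, std::vector<uint8_t>& out)
{
    if (body.empty() || body.size() != 1u + body[0]) return false;
    out.assign(body.begin() + 1, body.end());
    return true;
}

enum class Reneg_Result { INITIAL_SECURE, INITIAL_LEGACY, RENEG_OK, REJECT };

// prev_client_verify_data is the client's Finished.verify_data from the
// connection being renegotiated; pass an empty vector on an initial handshake.
// Assumes the previous handshake negotiated secure renegotiation.
Reneg_Result check_client_hello_renegotiation(const Example_Client_Hello& hello,
                                              const std::vector<uint8_t>& prev_client_verify_data)
{
    const bool initial = prev_client_verify_data.empty();
    bool has_scsv = false;
    for (uint16_t cs : hello.ciphersuites)
        if (cs == TLS_EMPTY_RENEGOTIATION_INFO_SCSV) has_scsv = true;

    // RFC 5746 3.7: the SCSV must not appear in a renegotiating ClientHello.
    if (!initial && has_scsv) return Reneg_Result::REJECT;

    if (!hello.has_renegotiation_info) {
        if (initial) return has_scsv ? Reneg_Result::INITIAL_SECURE : Reneg_Result::INITIAL_LEGACY;
        return Reneg_Result::REJECT;  // secure renegotiation was agreed, extension is mandatory
    }
    std::vector<uint8_t> reneg;
    if (!decode_reneg_info(hello.renegotiation_info, reneg)) return Reneg_Result::REJECT;
    if (initial) return reneg.empty() ? Reneg_Result::INITIAL_SECURE : Reneg_Result::REJECT;
    if (reneg != prev_client_verify_data) return Reneg_Result::REJECT;
    return Reneg_Result::RENEG_OK;
}

// Server's renegotiation_info body for the ServerHello: on renegotiation it is
// client_verify_data || server_verify_data of the previous connection (both
// 12 bytes for TLS), on an initial handshake pass two empty vectors.
std::vector<uint8_t> server_reneg_info(const std::vector<uint8_t>& client_vd,
                                       const std::vector<uint8_t>& server_vd)
{
    std::vector<uint8_t> body;
    body.push_back(static_cast<uint8_t>(client_vd.size() + server_vd.size()));
    body.insert(body.end(), client_vd.begin(), client_vd.end());
    body.insert(body.end(), server_vd.begin(), server_vd.end());
    return body;
}
```

What to do with INITIAL_LEGACY (a client that sent neither signal) is left to policy; RFC 5746 permits accepting such clients on the initial handshake but such a connection must then never be renegotiated.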

extension (client side only at the moment). Add an interface that
allows applications to request renegotiation.

Add support for sending and reading the SRP identifier extension.
Add some helper classes for managing TLS extensions
Add ciphersuite codes for SRP key exchange.